Bug 276338
| Summary: | [Cocoa] Recognize a second entitlement to allow non-Lockdown Mode processes to launch | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Brent Fulgham <bfulgham> |
| Component: | WebKit Misc. | Assignee: | Brent Fulgham <bfulgham> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Brent Fulgham
Applications using `WKWebView` that have the `com.apple.developer.web-browser` entitlement can request that a particular page be loaded outside of Lockdown Mode. This allows users to bypass LDM on sites that don't work well under that restricted set of features.
We would like to permit some system processes to launch a plain WKWebView in lockdown mode because of similar compatibility issues. We do not want to use the `web-browser` entitlement, since we do not want the other powerful features that entitlement grants.
We are adding a managed entitlement to support this restricted use case: `com.apple.private.allow-ldm-exempt-webview`
This patch recognizes this new entitlement as an alternative to `com.apple.developer.web-browser` for this specific case.
<rdar://127464996>
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Brent Fulgham
Pull request: https://github.com/WebKit/WebKit/pull/30579
EWS
Committed 280761@main (ee77044edb54): <https://commits.webkit.org/280761@main>
Reviewed commits have been landed. Closing PR #30579 and removing active labels.